Ports Used for Panorama

Panorama uses the following ports.
| Destination Port | Protocol | Description |
|---|---|---|
| 22 | TCP | Used for communication from a client system to the Panorama CLI interface. |
| 443 | TCP | Used for communication from a client system to the Panorama web interface.<br>Used for outbound communications from Panorama to the Palo Alto Networks Update Server. |
| 444 | TCP | Used for communication between Panorama and Cortex Data Lake. |
| 3978 | TCP | Used for communication between Panorama and managed firewalls or managed collectors, as well as for communication among managed collectors in a Collector Group:<br>• For communication between Panorama and firewalls. This connection is initiated from the managed firewall to Panorama and facilitates a bi-directional data exchange on which the firewalls forward logs to Panorama and Panorama pushes configuration changes to the firewalls. Context switching commands are sent over the same connection.<br>• Log Collectors use this destination port to forward logs to Panorama.<br>• For communication with the default Log Collector on an M-Series appliance in Panorama mode and with Dedicated Log Collectors. |
| 28443 | TCP | Used for managed devices (firewalls and Log Collectors) to retrieve software and content updates from Panorama.<br>Only devices that run PAN-OS 8.x and later releases retrieve updates from Panorama over this port. For devices running earlier releases, Panorama pushes the update packages over port 3978. |
| 28769<br>28260 | TCP<br>TCP | Used for the HA connectivity and synchronization between Panorama HA peers using clear text communication. Communication can be initiated by either peer.<br>ICMP must be allowed on the network for successful Panorama HA peer connection and synchronization. Additionally, ICMP is required to monitor the failover metrics used to detect whether an HA failover is required. |
| 28 | TCP | Used for the HA connectivity and synchronization between Panorama HA peers using encrypted communication (SSH over TCP). Communication can be initiated by either peer.<br>Used for communication between Log Collectors in a Collector Group for log distribution. |
| 28270 | TCP | Used for communication among Log Collectors in a Collector Group for log distribution. |
| 2049 | TCP | Used by the Panorama virtual appliance to write logs to the NFS datastore. |
| 10443 | SSL | Port that Panorama uses to provide contextual information about a threat or to seamlessly shift your threat investigation to the Threat Vault and AutoFocus. |
| 23000 to 23999 | TCP, UDP, or SSL | Used for Syslog communication between Panorama and the Traps ESM components. |
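
The following is an added example, not Palo Alto Networks code: a Python audit that checks flow records involving Panorama against the table above and flags undocumented destination ports, unexpected transports, and use of the clear-text HA ports. The `src dst proto dport` record format and the sample addresses are constructed for illustration, and SSL is assumed to run over TCP.

```python
# Added example: audit flows against the documented Panorama port table.
# (first, last, transports, purpose); SSL is treated as TCP (assumption).
PORT_MATRIX = [
    (22, 22, {"tcp"}, "CLI access"),
    (443, 443, {"tcp"}, "web interface / update server"),
    (444, 444, {"tcp"}, "Cortex Data Lake"),
    (3978, 3978, {"tcp"}, "managed firewalls and Log Collectors"),
    (28443, 28443, {"tcp"}, "software and content updates"),
    (28769, 28769, {"tcp"}, "HA sync, clear text"),
    (28260, 28260, {"tcp"}, "HA sync, clear text"),
    (28, 28, {"tcp"}, "HA sync, encrypted"),
    (28270, 28270, {"tcp"}, "Collector Group log distribution"),
    (2049, 2049, {"tcp"}, "NFS datastore"),
    (10443, 10443, {"tcp"}, "Threat Vault / AutoFocus context"),
    (23000, 23999, {"tcp", "udp"}, "Traps ESM syslog"),
]
CLEARTEXT_HA = {28769, 28260}

def classify(proto, dport):
    """Return (status, purpose) for one destination port and transport."""
    for first, last, transports, purpose in PORT_MATRIX:
        if first <= dport <= last:
            if proto not in transports:
                return "protocol-mismatch", purpose
            if dport in CLEARTEXT_HA:
                return "cleartext-ha", purpose
            return "documented", purpose
    return "undocumented", None

def audit(flow_lines):
    """Parse 'src dst proto dport' lines; return the flows needing review."""
    findings = []
    for line in flow_lines:
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            findings.append((line, "unparsed", None))
            continue
        status, purpose = classify(fields[2].lower(), int(fields[3]))
        if status != "documented":
            findings.append((line, status, purpose))
    return findings

SAMPLE_FLOWS = [  # constructed records, documentation address ranges
    "192.0.2.10 198.51.100.5 tcp 3978",
    "198.51.100.6 198.51.100.5 tcp 28769",
    "192.0.2.44 198.51.100.5 tcp 8080",
    "192.0.2.10 198.51.100.5 udp 3978",
    "192.0.2.77 198.51.100.5 udp 23514",
]
```

A `cleartext-ha` finding means the HA peers are synchronizing over 28769 or 28260 rather than the encrypted port 28 listed in the table.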